Thanks!
I installed openmediavault_4.0.14-amd64.iso, and installed updates (4.0.16-1 Arrakis).
...
I tried with the script, but the sssd service did not start because of this: "Failed to read keytab [default]: No such file or directory".
After that I was trying with this: Guide how to join OpenMediaVault 3.x in an Active Directory domain
On it I was not able to continue here: "Restart SSSD" because "Failed to read keytab [default]: No such file or directory".
So I googled that error and got this page: "http://felipeferreira.net/index.php/2017/01/failed-to-read-keytab-default/"

Now I am trying to figure out how to assign AD users/groups to SMB shared folders; the default settings allow me to access shared folders at least.

Thank you very much!
OMV is great software.
(I speak Spanish, please excuse any mistake).

The post was edited 1 time, last by jorgeavm: Version Info (Jan 12th 2018, 4:40pm).

First reboot and clear the sssd database. It is one of the last steps in the script. Then getent passwd. Does that show your users? If so, look at the uid numbers. Are they less than 60000? If greater, either edit /etc/login.defs or look at the setting in my smb.conf.
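
The UID check from the reply above, written out as a script. This is an added example, not code from anyone in the thread: the function names and sample accounts are constructed, and 60000 is used as the fallback only because it is the threshold the reply mentions.

```shell
#!/bin/sh
# Added example: list accounts whose UID is above UID_MAX from login.defs.

# Print the numeric value of KEY from a login.defs-style FILE, or DEFAULT
# when the key is missing, commented out, or the file cannot be read.
login_defs_value() {
    key=$1; file=$2; default=$3
    val=$(awk -v k="$key" \
        '$1 == k && $2 ~ /^[0-9]+$/ { v = $2 } END { if (v != "") print v }' \
        "$file" 2>/dev/null) || true
    echo "${val:-$default}"
}

# Read passwd-format lines on stdin and print "name uid" for every entry
# whose UID is strictly greater than the limit given as $1.
uids_above_max() {
    awk -F: -v max="$1" '$3 ~ /^[0-9]+$/ && $3 + 0 > max + 0 { print $1, $3 }'
}

# Constructed sample in getent passwd format (not output from a real host).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
localuser:x:1000:100::/home/localuser:/bin/sh
svc:x:60000:100::/nonexistent:/usr/sbin/nologin
jdoe@ad.example.test:*:1668601105:1668600513:John Doe:/home/jdoe:/bin/bash
EOF
}

if [ "${1:-}" = "--live" ]; then
    # On the real server: compare what sssd returns with the local limit.
    max=$(login_defs_value UID_MAX /etc/login.defs 60000)
    echo "UID_MAX=$max; accounts above it:"
    getent passwd | uids_above_max "$max"
else
    # Offline demo on the constructed sample.
    echo "UID_MAX=60000 (sample); accounts above it:"
    sample_passwd | uids_above_max 60000
fi
```

Run it with --live on the server itself; any domain account it prints is one whose UID is above the limit the reply asks about.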

I've gotten FreeIPA/Samba semi-working by adding security = user to the SMB options. This bypasses the Kerberos checks and authenticates logins against the local list - which is already synced successfully with FreeIPA. Windows machines can then use an IPA domain user's credentials to access SMB shares.

They still can't use their own credentials, so it's not perfect. But it's working, which is important for the WAF.

New to openmediavault, old to sssd. Just got this working on my new install.

Install necessary tools. (Haven't seen libsasl2-modules-gssapi-mit as a dependency on any other online Debian guides, so I want to call it out here. This solved an issue I had with GSSAPI saying there were no SASL methods between my AD and OMV server).

Shell-Script

realm join -U PCBuilder AD.HAILSATAN.COM --verbose

Add the following configuration line to /etc/krb5.conf, because most people have their DNS set up like shit. This is a default in RHEL/CentOS. Solves the GSSAPI error (Server not found in kerberos database).

Shell-Script

rdns = false

Most people don't want to use FQDNs, so make this sensible change to /etc/sssd.conf